Premo36

Hi, how are you? This is becoming a yearly tradition I'm near the release of a new version of my software, so I uploaded it on virustotal to find out if it trigger any false positive detection, and malwarebytes flagged it as malicious (via the AI heuristic). It did that with also all the beta version but I didn't bother report them as there were not aimed at a broad public. My software is open source and it's sourcecode can be found here https://github.com/Premo36/DML2.X I've attached 2 zip, both contains my software .exe. They are the same software but the mono one is a slightly edited version with a few cutted feature in order to make it run under mono on Linux/Mac OS. Both the .zip and the .exe gets flagged. DML v2.5[MONO].exe https://www.virustotal.com/gui/file/e5303a8a2ea0fb10360f50504c80978396b32904bff7793472721cf8512d2a9d?nocache=1 DML v2.5[WINDOWS].exe https://www.virustotal.com/gui/file/9884c8dabb418887ff666b610d7e547cf528a0654d0ea06307e2faa95c1c9605?nocache=1 DMLv2.5[MONO].zip https://www.virustotal.com/gui/file/4c3343cce5175d4a785bf970cc40d8307bb96122a7f3bc8060405c5af6e2e3cf?nocache=1 DMLv2.5[WINDOWS].zip https://www.virustotal.com/gui/file/2eb873905f840b73580ac2555265fe336e0a17c0f30794f025d973d6720acd61?nocache=1 Thank you! DMLv2.5[MONO].zip DMLv2.5[WINDOWS].zip

Thank you for quick response. In the next few days I'll try to re-scan the files on virustotal hoping that It will fix itself. I wrote a post here as the last time I contacted virustotal they said the couldn't do anything and that only the anti malware companies can fix this kind of issue.

Hi everyone, recently malwarebytes began again to incorrectly flag my software has not safe. The malwarebyte scan on my machine does not trigger any detection (I've still attached the report), but both the .exe and .zip folder containing the .exe gets reported by malwarebytes as MachineLearning/Anomalous.100% if uploaded to https://www.virustotal.com/gui/ DML v2.4.exe result: https://www.virustotal.com/gui/file/74a99654a4a21987fe5120fcf77f7c005e3ac00bc084a5f9633af88d7c1d4d2c/detection DML_v2.4.zip result: https://www.virustotal.com/gui/file/ca2f15fcc5c34c2507a10521a1a0cf07da83f4c0f1cabe67e8ad3aebcaf4fdf5/detection It's not limited to the newest version, as also the last stable version, which has been out for almost a year began to have the same problem. DML v2.3.exe https://www.virustotal.com/gui/file/05788e068cae903c5d5c3f455312dbaa72d66c1f8e546f3a70f10b3e0ff47d24/detection DML_v2.3.zip https://www.virustotal.com/gui/file/acff4fdc6b97aecaa91cc61acf21807df128b0f58e720b223ab60884bed2f607/detection It seems to afflict also some beta releases, at least the most recent one, I didn't uploaded them as there are quite a few of them and for me are not as important as the stable releases, but if it can help train the AI or you may need them for any reason, the .zip files can be found here https://github.com/Premo36/DML2.X/releases If it can help, the software it's open source and it's sourcecode can be found here https://github.com/Premo36/DML2.X Thank you! malwarebytesReport.txt DML_v2.4.zip DML_v2_3.zip

I've just pushed a small update on my software to fix a small bug (The only difference in the whole code it's that I've just removed a space in a string), but that bug was preventing users to load .ini files which is one of the core features, so i had to do a quick fix. Malwarebytes on my pc is back at recognizing it as a malware. I've uploaded again on virus total but it didn't find anything (even after a few rescan). https://www.virustotal.com/gui/file/6ffbb7b73c00bf00a41234c519a83ec2cee3cd5d7ac5e93f812f1c17fba7c608/detection The detection is still "MachineLearning/Anomalous.100%" I've attached the new .exe, the .dll that is needed to the .exe to work and the malwarebytes log in the zipped file. Would it help if every build I do is uploaded (even the developers one) to virus total? Will this train malwarebytes to stop recognizing my software as a malware? Thank you. DML2_publish.zip

It worked, thanks, now it's not recognized anymore.

My desktop PC keeps detecting it as a malware, even after a few reboots. However on my laptop it's not detected anymore. So probalbly some sort of caching is happening on my desktop (What file should I delete to force malwarebytes to truly rescan?). I uploaded just the .exe on virustotal as you suggested and malwarebyte does not detected it. https://www.virustotal.com/gui/file/4fc7fc31e2e3afac8a41bda3230b9aca87907711d1eaaab9ddf372e6c87474ce/detection Thank you.

Thank you, how much do I have to wait before the malwarebyte definition updates rolls out? (I've checked a few minuts ago, after I deleted temp files and I rebooted my pc, malwarbytes still detects it). Also I would like to know if I have to resend the exe every time i update my software and also what kind of suspicius behaviour my software had that may have triggered malwarebytes machine learning heuristic, so next time I can avoid it. Thanks again for your help.

Hi, I've just finished developing my software, and I was ready to release it, but Malwarebytes detected it as a "MachineLearning/Anomalous.100%" malware. I know I'ts a false positive because I developed the software. The .exe file in the .zip it's the one that has been detected. It's a C# (.Net framework 3.5) frontend that provides a user interface to start another software (Not included as it's not mine and it's not recognized as a malware) with some arguments (arguments depends on what the user do within the frontend). It stores some data to keep preferences in a folder in %appdata% and download from the internet a text file that it use to eventually notify the user about a new version. The same txt also contains 2 urls, one for the new version download page and the other one it's used to download another text file that contains the full changelog history. That pretty much all it does. The p36_utilities.dll it's a library that I wrote and it contains some generic functions to read and write data. My software need it to work. It was not detected. In the attached .zip i've also saved "log.txt" which is the malwarebytes log of the scan. Thank you DML2.zip